Fix #51346: rgw/sts: Correct/improve/add thumbprint validation for incoming JWT from an oidc provider - rgw - Ceph

Actions

Copy link

Fix #51346

open

rgw/sts: Correct/improve/add thumbprint validation for incoming JWT from an oidc provider

Added by Pritha Srivastava almost 3 years ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

% Done:

Source:

Tags:

Backport:

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

Implement thumbprint evaluation for JWT using jwks_uri.
Also implement the validation of each certificate in the certificate chain in x5c field of of the JSON Web Keys based on RFC # 7515 and RFC # 5280.
Also correct anything that is wrongly implemented now.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Updated by Casey Bodley over 2 years ago

Related to Bug #51018: improve JWT token validation in accordance with JSON Web Key Set added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » rgw

Custom queries

Fix #51346

rgw/sts: Correct/improve/add thumbprint validation for incoming JWT from an oidc provider

Updated by Casey Bodley over 2 years ago